Experts of the company Digital Shadows have recently reported on an unusual scam – a widespread case of typosquat domains on the dark net. Typosquatting involves registering domain names similar to those of famous brands. For instance, at first glance, the domain name exarnple.com looks like the original example.com domain name in the address bar. When it comes to popular brand names, malicious users can use similar domain names to create fake websites to steal their visitors’ personal data or money.
The use of typosquatting in top-level domains is not new, but its application in the anonymous network Tor is novel. Digital Shadows researchers accidentally stumbled upon an anonymous fraudster’s statements, where he bragged about creating a network of 800 .onion domains on the dark net that were typosquat versions of legitimate dark net websites. Well, the word “legitimate” does not exactly apply, given that we are talking about hacker markets, forums and other similar websites. In the course of four years, these typosquat domains brought the user some $760,000 in BTC (Bitcoin cryptocurrency), collected from payments for goods and services (that, of course, were never provided), donations to support websites (a common practice for the dark web) and sales of hacked account data.
The experts were not able to confirm the scammer’s financial claims; however, they did manage to find at least 500 domain names that served as typosquat versions of popular Tor websites. Perhaps typosquatting really is a goldmine. The fact that onion website addresses include a long set of random characters, making it nearly impossible to remember the necessary address and differentiate between the correct and the fake one, only plays to the benefit of the malicious users.
